Overview

overview

1

Static

static

1

patreon-do....3.zip

windows7-x64

1

patreon-do....3.zip

windows10-2004-x64

1

Resubmissions

21/07/2024, 19:41

240721-yehdfs1epe 1

21/07/2024, 19:41

240721-yd3m1a1ene 7

Analysis

  • max time kernel
    118s
  • max time network
    119s
  • platform
    windows7_x64
  • resource
    win7-20240705-en
  • resource tags

    arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
  • submitted
    21/07/2024, 19:41

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    patreon-downloader-1.1.3.zip

  • Size

    344KB

  • MD5

    4c4e0c5a125af711acef60db3b5f0a55

  • SHA1

    b139c9af7aae1f7e7d74b49e848211288c5f15fe

  • SHA256

    e91056d140d4b1f647fa92d6ddab5c986c8eb54f738f8c84ce0de009ba901580

  • SHA512

    59dba867f779ad74c7f9dc14ec53f413ff4c601b651ae007849a94c5cfec30ea534e24279496bdc66129d3fcf5e63d64b16362595b7580860a1bd3653d2b0f56

  • SSDEEP

    6144:0jIWdbY1dHQaNx1leUGaHB3SaPoBA+Sb2z7RI+RYkGW+PTsk9Sn9TLyRm/GqaibN:0jIWZYnHQaNx1leUGo3SYoBA+yZ0HGP8

Score
1/10

Malware Config

Signatures

  • Suspicious behavior: AddClipboardFormatListener 2 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 2 IoCs
  • Suspicious use of FindShellTrayWindow 16 IoCs
  • Suspicious use of SendNotifyMessage 12 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs

Processes

  • C:\Windows\Explorer.exe
    C:\Windows\Explorer.exe /idlist,,C:\Users\Admin\AppData\Local\Temp\patreon-downloader-1.1.3.zip
    1⤵
      PID:2632
    • C:\Windows\explorer.exe
      "C:\Windows\explorer.exe"
      1⤵
        PID:2660
      • C:\Program Files\VideoLAN\VLC\vlc.exe
        "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Downloads\UseHide.mp2"
        1⤵
        • Suspicious behavior: AddClipboardFormatListener
        • Suspicious behavior: GetForegroundWindowSpam
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SendNotifyMessage
        • Suspicious use of SetWindowsHookEx
        PID:3032
      • C:\Program Files\VideoLAN\VLC\vlc.exe
        "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Desktop\RestartTrace.mp4"
        1⤵
        • Suspicious behavior: AddClipboardFormatListener
        • Suspicious behavior: GetForegroundWindowSpam
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SendNotifyMessage
        • Suspicious use of SetWindowsHookEx
        PID:1276

      Network

      MITRE ATT&CK Matrix

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\Users\Admin\AppData\Roaming\vlc\ml.xspf
        Filesize

        304B

        MD5

        781602441469750c3219c8c38b515ed4

        SHA1

        e885acd1cbd0b897ebcedbb145bef1c330f80595

        SHA256

        81970dbe581373d14fbd451ac4b3f96e5f69b79645f1ee1ca715cff3af0bf20d

        SHA512

        2b0a1717d96edb47bdf0ffeb250a5ec11f7d0638d3e0a62fbe48c064379b473ca88ffbececb32a72129d06c040b107834f1004ccda5f0f35b8c3588034786461

        Download Submit

      • C:\Users\Admin\AppData\Roaming\vlc\vlc-qt-interface.ini
        Filesize

        529B

        MD5

        6654f3928a61738e11d1f108bdbcc1de

        SHA1

        ae062bf038b47d6377d4de28df229d6f1fad2bec

        SHA256

        71d2355d55a7dcb53fb44f1f8bb698f223ee67840815fab19dce050bb23f3401

        SHA512

        4bd3bf0ac77aaad8b9e0acf3ae5dea8e4de04163185c05418dfd5499306a513990a2d22e23067597dea1f253a7ca80f20e64ac5898a61317af9a61888e462c7f

        Download Submit

      • memory/1276-26-0x000000013F240000-0x000000013F338000-memory.dmp

        Filesize

        992KB

        Download

      • memory/1276-28-0x000007FEF50A0000-0x000007FEF5356000-memory.dmp

        Filesize

        2.7MB

        Download

      • memory/1276-29-0x000007FEF4780000-0x000007FEF488E000-memory.dmp

        Filesize

        1.1MB

        Download

      • memory/1276-30-0x000007FEF3650000-0x000007FEF4700000-memory.dmp

        Filesize

        16.7MB

        Download

      • memory/1276-27-0x000007FEF5360000-0x000007FEF5394000-memory.dmp

        Filesize

        208KB

        Download

      • memory/3032-13-0x000007FEF4BA0000-0x000007FEF4BD4000-memory.dmp

        Filesize

        208KB

        Download

      • memory/3032-12-0x000000013F1A0000-0x000000013F298000-memory.dmp

        Filesize

        992KB

        Download

      • memory/3032-14-0x000007FEF48E0000-0x000007FEF4B96000-memory.dmp

        Filesize

        2.7MB

        Download

      • memory/3032-15-0x000007FEF3410000-0x000007FEF44C0000-memory.dmp

        Filesize

        16.7MB

        Download